Problem:
Set up an external cache on 1.2.3.4
for clients in the 1.2.3.* network.
| BIND solution:
- Create a localhost zone file,
with an SOA record, an NS record, and an A record.
- Create a 0.0.127.in-addr.arpa zone file,
with an SOA record, an NS record, and a PTR record.
- Create a root.hints zone file
with the root server IP addresses.
- Create a named.conf file:
zone "localhost" in { type master; file "localhost"; };
zone "0.0.127.in-addr.arpa" in { type master; file "0.0.127.in-addr.arpa"; };
zone "." in { type hint; file "root.hints"; };
options { interface-interval 0; listen-on { 1.2.3.4; }; allow-query { 1.2.3/24; }; };
- Start named.
- Make sure that your boot scripts start named.
| djbdns solution:
- Create Gdnscache and Gdnslog accounts.
- dnscache-conf Gdnscache Gdnslog /etc/dnscache 1.2.3.4
- ln -s /etc/dnscache /service
- cd /service/dnscache
- touch root/ip/1.2.3
|
Problem:
Also allow queries from clients in the 1.5.* network.
| BIND solution:
- Edit named.conf.
- Add 1.5/16 to the allow-query section.
- Send a HUP signal to named.
- Look for errors in your system's logs.
The ``DNS and BIND'' book says, correctly, that you have to do this,
because otherwise ``you might never notice'' syntax errors
in the configuration files.
| djbdns solution:
- cd /service/dnscache
- touch root/ip/1.5
|
Problem:
Run the cache non-root and chrooted.
| BIND solution:
- Create a Gbindin account.
- mkdir /etc/bindin
- Copy various system-dependent files,
which are not thoroughly described in the BIND manual,
into /etc/bindin.
- Kill named.
- Start named -u Gbindin -t /etc/bindin.
- Change the named line in your boot scripts accordingly.
| djbdns solution:
Relax. It's already non-root and chrooted.
|
Problem:
Arrange for the cache to be restarted if someone accidentally kills it.
| BIND solution:
Write a script
that looks for the named process,
restarts named if it is not running,
pauses for a second,
and repeats.
Start that script.
| djbdns solution:
Relax.
The cache is already monitored.
|
Problem:
Tell the cache to consult an internal server
at IP address 10.1.2.5
for information about moon.x.mil.
| BIND solution:
- Edit named.conf.
- Add a forwarding zone:
zone "moon.x.mil" in { type forward; forward only; forwarders { 10.1.2.5; }; };
- Send a HUP signal to named.
- Look for errors in your system's logs.
| djbdns solution:
- cd /service/dnscache
- echo 10.1.2.5 > root/servers/moon.x.mil
- svc -t .
|
Problem:
Tell the cache to follow a new delegation from the internal server
to 10.1.2.6 for d.moon.x.mil.
| BIND solution:
- Edit named.conf.
- Add another forwarding zone:
zone "d.moon.x.mil" in { type forward; forward only; forwarders { 10.1.2.6; }; };
- Send a HUP signal to named.
- Look for errors in your system's logs.
| djbdns solution:
Relax.
The cache follows delegations.
|
Problem:
Set up a server on 1.2.3.5
to publish information about x.mil and 1.2.3.*.
| BIND solution:
- Create an x.mil zone file,
with an SOA record and an NS record.
- Create a 3.2.1.in-addr.arpa zone file,
with an SOA record and an NS record.
- Create a named.conf file:
zone "x.mil" in { type master; file "x.mil"; };
zone "3.2.1.in-addr.arpa" in { type master; file "3.2.1.in-addr.arpa"; };
options { interface-interval 0; listen-on { 1.2.3.5; }; recursion no; fetch-glue no; allow-transfer { none; }; };
- Start named.
- Make sure that your boot scripts start named.
| djbdns solution:
- Create Gtinydns and Gdnslog accounts.
- tinydns-conf Gtinydns Gdnslog /etc/tinydns 1.2.3.5
- ln -s /etc/tinydns /service
- cd /service/tinydns/root
- ./add-ns x.mil 1.2.3.5
- ./add-ns 3.2.1.in-addr.arpa 1.2.3.5
- make
|
Problem:
Run the server non-root and chrooted.
| BIND solution:
- Create a Gbindout account.
- mkdir /etc/bindout
- Copy various system-dependent files,
which are not thoroughly described in the BIND manual,
into /etc/bindout.
- Kill named.
- Start named -u Gbindout -t /etc/bindout.
- Change the named line in your boot scripts accordingly.
| djbdns solution:
Relax.
The server, like the cache, is already non-root and chrooted.
|
Problem:
Add a host, lion.x.mil,
with address 1.2.3.4.
| BIND solution:
- Edit the x.mil zone.
- Add lion A 1.2.3.4.
- Change the serial number in the SOA record.
- Edit the 3.2.1.in-addr.arpa zone.
- Add 4 PTR lion.x.mil.
- Change the serial number in the SOA record.
- Send a HUP signal to named.
- Look for errors in your system's logs.
As noted above:
The ``DNS and BIND'' book says, correctly, that you have to do this,
because otherwise ``you might never notice'' syntax errors
in the configuration files.
Oops! Did I forget the dot on lion.x.mil?
As the ``DNS and BIND'' book says:
``It's very easy to leave off trailing dots.''
| djbdns solution:
- cd /service/tinydns/root
- ./add-host lion.x.mil 1.2.3.4
- make
You don't have to check your system's logs:
if there are any syntax errors, disk-write errors, etc.,
they'll appear on your screen in response to make.
Anyway, the add-host program never introduces any syntax errors.
|
Problem:
Avoid accidentally reusing a previous host name,
or reusing a previous host IP address.
| BIND solution:
Manually search the zone file for the new host name
and the new IP address.
You won't have to look far
if you sort your forward zones by name
and sort your reverse zones by address.
| djbdns solution:
Relax.
add-host handles this automatically.
(If you want to reuse a name or address,
use add-alias.)
|
Problem:
Avoid destroying a zone if there's trouble saving new data:
e.g., not enough disk space,
or a sudden power outage.
| BIND solution:
- Copy the zone file.
- Edit the copy.
- Sync the copy to disk.
- Rename the copy.
| djbdns solution:
Relax.
add-host handles this automatically.
|
Problem:
Make sure there are no syntax errors in new data added by hand.
| BIND solution:
Watch your system's logs for error messages.
Some messages mean that
named is no longer providing information about that zone,
and users will begin seeing failures in a matter of seconds;
in this case, panic.
| djbdns solution:
If there is a syntax error,
make will print an error message immediately,
and tinydns will continue providing the old data.
|
Problem:
Send incoming mail for x.mil
to a mail server at 1.2.3.4.
| BIND solution:
- Edit the x.mil zone.
- Add @ MX 0 lion.
- Change the serial number in the SOA record.
- Send a HUP signal to named.
- Look for errors in your system's logs.
| djbdns solution:
- cd /service/tinydns/root
- ./add-mx x.mil 1.2.3.4
- make
|
Problem:
Delegate elysium.x.mil
to a DNS server at 1.2.3.144.
| BIND solution:
- Edit the x.mil zone.
- Add elysium NS a.ns.elysium.
- Add a.ns.elysium A 1.2.3.144.
- Change the serial number in the SOA record.
- Send a HUP signal to named.
- Look for errors in your system's logs.
| djbdns solution:
- cd /service/tinydns/root
- ./add-childns elysium.x.mil 1.2.3.144
- make
|
Problem:
Replicate DNS service from 1.2.3.5 to 1.2.3.6.
| BIND solution:
On 1.2.3.5:
- Edit named.conf.
- Insert 1.2.3.6; into the allow-transfer section.
- Edit the x.mil zone file.
- Add an NS record pointing to 1.2.3.6.
- Edit the 3.2.1.in-addr.arpa zone file.
- Add an NS record pointing to 1.2.3.6.
- Send a HUP signal to named.
- Look for errors in your system's logs.
On 1.2.3.6:
- Create a named.conf file:
zone "x.mil" in { type slave; file "x.mil"; masters { 1.2.3.5; }; };
zone "3.2.1.in-addr.arpa" in { type slave; file "3.2.1.in-addr.arpa"; masters { 1.2.3.5; }; };
options { interface-interval 0; listen-on { 1.2.3.5; }; recursion no; fetch-glue no; allow-transfer { none; }; };
- Start named.
- Make sure that your boot scripts start named.
| djbdns solution:
On 1.2.3.6:
- Create Gtinydns and Gdnslog accounts.
- tinydns-conf Gtinydns Gdnslog /etc/tinydns 1.2.3.6
- ln -s /etc/tinydns /service
On 1.2.3.5:
- cd /service/tinydns/root
- At the top of Makefile,
add a target remote: data.cdb,
with command
rsync -az -e ssh data.cdb 1.2.3.6:/ service/ tinydns/ root/ data.cdb.
(No spaces after the slashes.)
- ./add-ns x.mil 1.2.3.6
- ./add-ns 3.2.1.in-addr.arpa 1.2.3.6
- make
|
Problem:
Replicate a newly created zone.
| BIND solution:
- Edit named.conf.
- Add a new type slave line.
- Send a HUP signal to named.
- Look for errors in your system's logs.
| djbdns solution:
Relax.
New zones are automatically replicated.
|